Account Lockout repeatedly, even though lockout policy is disabled

I have a remote user whose domain account keeps getting locked out, and I'm completely stumped. Due to the lockout issues, we have disabled the domain lockout policy, and use the soft lockout function available in Forefront TMG. This is working for everyone but the 1 user.
On the DC that is locking the account, I see the event ID 4740 in the security logs. What makes ZERO sense is the Caller Computer shows as her workstation. Her workstation is a Surface Pro, which is not on a VPN. So it has no connection to the domain controller.
When users that are connecting through TMG were getting locked out, the Caller Computer showed as the TMG machine.
I have gone through and cleared any saved credentials from the Credential Manager on the workstation, yet the account is still getting locked out.
So why is this account getting locked out even though the lockout policy is disabled? And how is it showing the user's workstation as the caller computer, when it has no direct connection to any domain controllers?

Try looking at the local policy on the Surface Pro machine.  It sounds like the policy is being applied from the local machine itself.
http://www.sevenforums.com/tutorials/3652-local-group-policy-editor-open.html
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights.
This could be the issue, as the machine is remote and hasn't updated the GPO with a DC since before it was disabled. I thought the DC is what disabled the account, and stopped authenticating the user. So even if the GPO existed on the client machine, it still wouldn't be disabled.
But how is it even getting to the DC that the account is disabled? The DCs have no access to the internet, and the client has no VPN to the DC.
Local policy can have lockout set which could have come from the domain policy.
Paul Bergson
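
One way to check both halves of the question from the domain side, as an added example that is not part of the thread: it prints the lockout threshold that actually applies to the account, then lists the 4740 lockout events and failed 4776 NTLM validations for it on every DC, with the computer name each event reports. The account name `jdoe` is a placeholder, and the script assumes the ActiveDirectory module (RSAT) and read access to the DCs' Security logs.

```powershell
# Added example, not from the thread. 'jdoe' is a placeholder account name.
# Needs the ActiveDirectory module (RSAT) and read access to DC Security logs.
param(
    [string]$SamAccountName = 'jdoe',
    [int]$HoursBack = 24
)
Import-Module ActiveDirectory
$since = (Get-Date).AddHours(-$HoursBack)

# Read one named <Data> field from an event record's XML payload.
function Get-EventField {
    param($Record, [string]$Name)
    $data = ([xml]$Record.ToXml()).Event.EventData.Data
    ($data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 1. Effective lockout settings. A threshold of 0 means accounts are never
#    locked; a fine-grained policy (PSO), if one applies to the user,
#    overrides the domain default.
$domain = Get-ADDefaultDomainPasswordPolicy
$pso    = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName
[pscustomobject]@{
    DomainLockoutThreshold = $domain.LockoutThreshold
    ResultantPso           = if ($pso) { $pso.Name } else { '(none)' }
    PsoLockoutThreshold    = if ($pso) { $pso.LockoutThreshold } else { $null }
} | Format-List

# 2. Lockouts (4740) and failed NTLM validations (4776) on every DC.
$rows = foreach ($dc in Get-ADDomainController -Filter *) {
    $filter = @{ LogName = 'Security'; Id = 4740, 4776; StartTime = $since }
    Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { (Get-EventField $_ 'TargetUserName') -eq $SamAccountName } |
        ForEach-Object {
            # 4740 keeps "Caller Computer Name" in the TargetDomainName field;
            # 4776 keeps the client-supplied name in Workstation.
            $field  = if ($_.Id -eq 4740) { 'TargetDomainName' } else { 'Workstation' }
            $status = Get-EventField $_ 'Status'      # empty for 4740
            if ($_.Id -eq 4776 -and $status -eq '0x0') { return }  # skip successes
            [pscustomobject]@{
                Time         = $_.TimeCreated
                DC           = $dc.HostName
                EventId      = $_.Id
                ReportedName = Get-EventField $_ $field
                Status       = $status
            }
        }
}

$rows | Sort-Object Time | Format-Table -AutoSize

# Which DC and which reported computer name account for most of the events?
$rows | Group-Object DC, EventId, ReportedName |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

The DC that logs the 4776 failures is the one that validated the bad credentials, which shows where the authentication traffic entered the domain even when the reported computer name belongs to a machine with no direct connection.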

Similar Messages

  • Is it best practice to use account lockout policy

    Windows Server 2008 r2 (will be moving to 2012 r2)
    since implementing account lockout policy two days ago, we've been bombarded by calls to unlock accounts. and after a few minutes, same users get their accounts locked again.
    my question, since we are already using strong password policy (8 chars min, 90 days max to expire), at this day and age is it still best practice to rely on account lockout policy? keeping in mind the above flood of calls.

    account lockout is generally considered un-necessary if you have implemented a very strong password complexity/history policy.
    There are many discussions on the topic of password/passphrase "strength", and it's important to consider the various factors involved, and, how they affect your organisation's view of "security".
    I would say that 8 chars is not very strong. You should also consider if password aging/expiry is a useful control at all.
    Since this forum is related to Group Policy, and, password/security is really quite a separate topic, you should consider the DS forum or the security forum, or separate research or consulting services, to get a broad understanding of the things to consider for your particular requirements/scenario.
    Other considerations include any security standards which can be useful reading to understand the nature of the topic (e.g. PCI DSS, HIPAA, FIPS, etc)
    Don

  • Is account lockout policy still best practice

    Windows Server 2008 r2 (will be moving to 2012 r2)
    since implementing account lockout policy two days ago, we've been bombarded by calls to unlock accounts. and after a few minutes, same users get their accounts locked again.
    my question, since we are already using strong password policy (8 chars min, 90 days max to expire), at this day and age is it still best practice to rely on account lockout policy? keeping in mind the above flood of calls.

    Just to add, I think it would have been a better idea to broadcast the planned changes organization wide before implementing something like this.
    Places that we usually check and possibly good to let people know:
    * Desktops
    * Extra laptops that may not be on site
    * Mobile phone Exchange accounts or Office 365 hybrid ADFS accounts
    * WiFi profiles on laptops, iPads, other tablets, mobile phones, etc.
    * Locked workstations that have not been logged off
    * Services using a user account or with old credentials - usually I see devs doing this
    * Mapped drives with explicit permissions
    * Currently running RDP/RDS sessions
    * Scheduled tasks with old credentials
    * VPN connections
    * etc.
    Troubleshooting account lockout the Microsoft PSS way
    http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
    Account Lockout and Management Tools
    http://www.microsoft.com/en-us/download/details.aspx?id=18465
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
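
Several items on the checklist above can be swept on a single Windows machine in one pass. The following is an added example, not part of the post: it looks for services, scheduled tasks, stored credentials and logon sessions that reference the account. `jdoe` is a placeholder account name, and the script assumes an elevated PowerShell session on the machine being checked.

```powershell
# Added example, not from the post. Run elevated on the suspect machine.
# 'jdoe' is a placeholder for the locked-out account's sAMAccountName.
param([string]$SamAccountName = 'jdoe')
$pattern = "*$SamAccountName*"   # matches DOMAIN\jdoe, jdoe@domain and jdoe

# Every finding becomes one uniform record so the sources line up in a table.
function New-Hit($Source, $Item, $Detail) {
    [pscustomobject]@{ Source = $Source; Item = $Item; Detail = $Detail }
}

$hits = @(
    # Services configured to log on as the account
    Get-CimInstance Win32_Service |
        Where-Object { $_.StartName -like $pattern } |
        ForEach-Object { New-Hit 'Service' $_.Name $_.StartName }

    # Scheduled tasks whose principal is the account
    Get-ScheduledTask |
        Where-Object { $_.Principal.UserId -like $pattern } |
        ForEach-Object {
            New-Hit 'ScheduledTask' ($_.TaskPath + $_.TaskName) $_.Principal.UserId
        }

    # Credential Manager entries of the current user that name the account.
    # cmdkey prints Target, Type and User on consecutive lines, so the two
    # lines before a matching "User:" line include the target.
    cmdkey /list | Select-String -SimpleMatch $SamAccountName -Context 2, 0 |
        ForEach-Object {
            New-Hit 'StoredCredential' ($_.Context.PreContext[0]).Trim() $_.Line.Trim()
        }

    # Interactive and RDP sessions, including disconnected ones
    # (quser is not present on every Windows edition)
    quser 2>$null | Select-String -SimpleMatch $SamAccountName |
        ForEach-Object { New-Hit 'Session' $_.Line.Trim() '' }
)

if ($hits) { $hits | Format-Table -AutoSize -Wrap }
else       { "No references to $SamAccountName found on $env:COMPUTERNAME." }
```

Stored credentials are per user profile, so the `cmdkey` check only covers the profile the script runs under.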

  • My iPod touch is permanently disabled and it says to connect my iPod to my iTunes yet when I do that, it tells me to type in pass code even though it's still disabled. i cant go to DFU mode cause my home button is broken PLEASE HELP ME GOD I MISS MY IPOD

    My iPod touch is permanently disabled and it says to connect my iPod to my iTunes yet when I do that, it tells me to type in pass code even though it's still disabled. i cant go to DFU mode cause my home button is broken PLEASE HELP ME GOD I MISS MY IPOD TOUCH PLEASE :'((

    i cant do that sir ,my ipod touch 4g keeps rebooting and rebooting all over again until the battery is empty HELP GUYS PLEASE

  • My iPod touch is permanently disabled and it says to connect my iPod to my iTunes yet when I do that, it tells me to type in pass code even though it's still disabled. PLEASE HELP ME

    My iPod touch is permanently disabled and it says to connect my iPod to my iTunes yet when I do that, it tells me to type in pass code even though it's still disabled. PLEASE HELP ME

    I have the same problem with mine... but im trying to find a way to fix it without restoring it...
    but one fix is to shut it down completely ... then press and hold BOTH the power button and the home button .. hold both of those 4 ten seconds .. then release the power button but still hold down the home button .. and then it'll show something that says "connect to itunes" once u get it connected to itunes , click the restore button ... BEWARE THIS WILL WIPE OUT EVERYTHING ON YOUR IPOD!!! IT WILL RESTORE IT BACK TO FACTORY SETTINGS , AS IF U JUST BOUGHT IT !!!!! then it should work fine again .. but u will lose all data on there besides the things you have synced with itunes already..
    Thats y im iffy with doing this , im trying to find a fix where i wont have 2 restore it but i dont think there is 1 :'(
    good luck tho
    ~sam

  • HT1918 bank card linked to i tune account keeps declining even though money in my account card has always been ok before

    bank card linked to my i tune account on my i phone keeps declining even though money in my account and card has always worked before

    Look, I understand I still need a card attached to the account. The problem is, it won't accept my card because I only have 87 cents in my bank account right now.
    If I had known there would be so much trouble with the iTunes card, I would have just put the cash in my bank account in the morning instead of buying an iTunes card (I didn't expect the banks to be open on Thanksgiving of course).
    Apple will only accept cards that have a balance. The balance is so small in my account that it won't accept it as a valid card.
    I'm going to have to contact Apple anyway to reset the security questions. That's obvious. Your answers were not exactly helpful. You didn't tell me anything I don't already know, but thanks for trying to be helpful.

  • On yosemite - update itunes 12.1.2 notification appears repeatedly even though it was updated.

    on yosemite - am notified every few days to update itunes 12.1.2 even though it was updated.
    No indication that previous updates failed.
    Update has the same version number and the same description.
    I see it also listed as a previous update.

    Actually, I found other posts implicating Spotlight (which may be finding and referring to a copy of iTunes.app it found elsewhere, even if that copy is no longer around). Trying the re-indexing (forcing re-indexing is the proposed solution) now.
    Interestingly, the command sudo mdutil -E on its own didn't seem to get Spotlight to dump its index and start re-indexing. It took adding the root path like this: sudo mdutil -E /
    Update
    Strangely, other apps started showing up in Spotlight searches after only a few seconds. After a few minutes into the indexing, any app I'd try would show up, but iTunes still wouldn't. On the command line, I entered:
    mdimport /Applications/iTunes.app
    This command forces Spotlight to index (import the metadata of) the specified target. I then tried the search again and it found it right away. Refreshed App Store's Updates page and iTunes remained. I'll wait until the indexing is done then restart and see if that helps.

  • Clamav running even though virus filtering is disabled

    greetings all,
    I am running an OS X Server 10.4.8 machine. I have virus filtering turned off, and with good reason - when it is on, there is a big performance hit. However, this afternoon clamav randomly clicked on, even though virus filtering is still disabled. I wasn't even working on the server - I only noticed because my monitoring software alerted me to the increased CPU usage. Any ideas as to what could have caused this behavior, and what I can do to reverse it?

    OK. This is due to how Apple's default configuration is set up.
    amavisd is the content filter and as such responsible for passing mail to spamassassin and/or clamav. On a standard installation, if you turn off virus scanning it will basically only turn off virus database updates, but amavisd will still call clamscan (without reporting anything back or taking any action).
    You have several options.
    1. Turn off content filtering altogether. Not a good idea as you would be buried in spam.
    2. Edit /etc/amavisd.conf and comment out (put a "#" in front of the lines)
    ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
    ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}",
    [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    (May look slightly different on your system.)
    Restart after doing this.
    3. Re-enable virus scanning and find out why it is so heavy on your resources. A properly configured system shouldn't have any major issues (unless you have 100'000 mails a day on underpowered hardware). Make sure you have postfix reject as much rogue mail as possible, before it even hits the content filter.
    (There are plenty of threads on this around).
    Alex

  • Can i access the numpad again even though my iphone is disabled?

    Hi everyone!
    I have an iphone 3gs that i haven't used in a while and it says "iphone is disabled. Connect to iTunes". My mom had tried to unlock it multiple times and got it to this point. I know the password, is there any way i can access the numpad again  because i do not want to restore it.
    & when i connect it to itunes, it doesn't do anything but say that my computer can't access it due to it being locked.
    & since its been a while, i do not have my original computer i set it up with as it had a motherboard failure about 4 months ago.
    & No, this is not a stolen iphone as i know the password, and i do have all the original packaging (just throwing this out there)
    In short:
    can i access the numpad again even though its disabled?
    Thanks!
    Jordan
    Message was edited by: j0rdann - for title change

    If it doesn't say try again in x minutes, no. And since you don't have the computer it was last synced to, you're going to have to restore it.

  • Shockwave Player 12.0.7.148 prompts for an auto update. Even though Auto Update is disabled.

    We have been re-packaging Adobe Shockwave Player 12.0.7.148. The application is prompting to upgrade to a new version, i.e. auto update, even though auto update functionality is disabled. Can anyone please help with this? When we right click on the Shockwave frame on an internet page and check the properties, we can see that Autoupdate is suppressed.
    Thanks for your return.

    Thank you for your reply. Like I said in my post, I have been having this issue since the summer of 2011, when I was still using regular firefox. In fact, I had made the switch to Aurora in the hopes that this would be solved, given the ongoing changes to the update process. Going back to regular Firefox, which seems to be your only suggestion, would therefore not solve my problem, and it would rob me of the opportunity to enjoy and give feedback on other new features.
    In addition, like I said in my original post, I have tried several of the most common ways of dealing with such issues, to no avail. After an extensive search, I also couldn't find anybody else with this bug. That is why I turned to this support forum. If you know of a way this problem could be solved, I would very much appreciate it.

  • Why does playlist on iPod keep repeating and repeating even though play count rule is 1

    Hello, everyone!
    I have a smart playlist of about 100 songs.  The play count rule is set to play songs with a play count of less than 1.  A few days ago, I reset all of the songs play count to 0.  If you ask me, the way I have it set up, when the iPod is playing with my headphones on, the iPod should automatically update each songs play count to 1 after each song plays.  After I have listened to all 100 songs, the playlist on the iPod should be empty.  The reason is is because since each song was updated from their play count of 0 to 1 after each one played the play count rule in the playlist should show no songs in the playlist.  Like I said before, the rule says to play any songs with a play count of less than 1.  Since all of the play count of the 100 songs are now 1 and not less than 1, the playlist should be empty.
    The problem is, when I'm listening to my iPod and the 100 songs have played, the playlist is not empty.  It just keeps repeating songs and it will never stop.  When I go to iTunes, the songs are randomly with play counts of 3 or 2 or 1 or however many times they have been repeated.
    Does anyone know why this is?

    The reason the songs don't delete themselves after playing from the playlist on the iPod is because your iPod is not smart enough to do that. It's only when you re-sync your iPod to your iTunes library does the smart playlist in your iTunes library delete the played songs. Then the playlist on your iPod will adjust to the number left unplayed in that playlist.
    So as long as you don't sync back to your library the number of songs in that playlist will never reduce to zero.
    CDJunkie

  • HT1414 I am a tech-tard and am afraid to restore my device.  I do not think my backup is properly stored in my computer.  My device is not talking to my account- battery dies even though it shows battery life...and asks for my phone # before I text or cal

    I have been told by the Apple store that I have a software problem but have not been given any assistance on how to resolve the issue.  Even with a full charge the device will power off, most of the time stating that the battery is dead.  However, when I plug it in the device will show adequate battery to operate.  It will even ask what my phone number is before I can send a text or get any voicemail.
    I tried looking on the help pages but nothing has seemed to make a difference.  All of my children have moved out so I don't have anyone else to get assistance from.  I am afraid to do a restore because I can't find where my data is stored in my computer.
    Any help is greatly appreciated!
    Thanks, Shelby

    Yes, assuming they are currently on the computer.
    If the iPhone has been used as designed, contacts are either in a supported application on the computer or are synced to a cloud service.
    Pictures would be copied to the computer regularly and then those desired to be on the device would be synced back.

  • Firefox Update 3.6.12 wants to install repeatedly, even though I have already installed it. How do I make it stop?

    Once a day, Firefox Update 3.6.12 wants to install and "Restart Firefox". I have now installed it multiple times and the update keeps on appearing.
    How do I get this to stop?

    Your UserAgent indicates that you used Firefox 3.6.17 to post here.
    Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
    What does it say about the version of Firefox you have in Help > About Firefox?
    If it says Firefox 4.0 or 4.0.1, see if this helps you:
    https://support.mozilla.com/en-US/kb/Websites+or+add-ons+incorrectly+report+incompatible+browser

  • Firefox is caching old passwords and I can't even get on certain sites now. Even though I have that disabled.

    Help!

    If you have turned off Firefox's password manager feature, then the next thing to try would be to delete cookies for the problem sites.
    While viewing a page on the site, try either:
    * right-click and choose View Page Info > Security > "View Cookies"
    * Tools menu > Page Info > Security > "View Cookies"
    * click the padlock or globe icon in the address bar > More Information > "View Cookies"
    In the dialog that opens, you can remove the site's cookies individually.
    Then try reloading the page and logging in from scratch. Does that help?

  • How can I reset my iphone even though it's completely disabled?

    How can i restart my iphone completely?

    Disabled as in completely unusable or disabled as in a passcode was entered incorrect too many times?
    If the first one, take it to an Apple Store or call Apple Support to get a hardware repair/replacement.
    If the second one: http://support.apple.com/kb/ht1212
